Resolved issues

What's new in Mobile Client 4.10.15

OpenSSL upgrade

Blue Cedar Mobile Client 4.10.15 is updated to include OpenSSL 1.1.1k, released on 25 March 2021. This update provides a stronger encryption key for Data at Rest protection.

What do I need to do?

You don't need to do anything to migrate DAR-protected apps and their files to the new version of OpenSSL and encryption key. Note that once those files are migrated, they cannot be used by previous versions if you want to downgrade the app for any reason.

Curl upgrade

Blue Cedar Mobile Client 4.10.15 is updated to include curl 7.76.1. This update picks up any security-related fixes curl has made. 

What do I need to do?

This curl update is transparent to platform users and mobile users; no action is needed.

Microsoft Authentication Library (MSAL)

The Blue Cedar Accelerator for Microsoft now includes the Microsoft Authentication Library (MSAL) instead of the Azure Active Directory Authentication Library (ADAL). MSAL supports all Microsoft identities, not just Azure AD accounts, and is standards compatible with OAuth v2.0 and OpenID Connect. For more information about ADAL vs MSAL, see the Microsoft documentation:

What do I need to do?

Review the Open issues/limitations with this MSAL release section below.

Open issues/limitations with this MSAL release

Support for these MSAL features is not implemented in this release of the Blue Cedar mobile client:

  • Sovereign Cloud Registration (MOB-1860)
  • Multiple trusted authorities (MOB-2012)
  • Scope specification (MOB-2283)

Some mobile apps that include ADAL or MSAL packages before any integration via the Blue Cedar Platform cannot be integrated with the Blue Cedar Accelerator for Microsoft. Apps with incompatibilities in this area may encounter issues during integration, or at run time. This is a limitation of the Microsoft packages and Objective-C namespaces that causes the MSAL package added by Blue Cedar's Microsoft Accelerator to potentially collide with the pre-existing Microsoft authentication library.

Refer to this compatibility table for basic guidance:

| Mobile OS | Pre-existing authentication library | Successful integration |
|---|---|---|
| iOS | MSAL | Yes |
| Android | ADAL | Yes |
| iOS | ADAL | No |
| Android | MSAL | No |

For more information from Microsoft, see these pages:


Resolved in Mobile Client 4.10.15

| Item | Mobile OS | Accelerator/Service | Description |
|---|---|---|---|
| BBY-104 | Android | BlackBerry | Image and video capture on the device is now allowed even when App Kinetics with Data Loss Prevention is enabled. |
| BBY-105 | Android | BlackBerry | Added support for the JavaScript Navigator.sendBeacon() command. |
| BBY-106 | Android | BlackBerry | Fixed an issue where WebView handling was not accessing the secure container correctly for downloaded files. |
| SPT-2347 | Android, iOS | Signing | Fixed an issue where the signing script failed when run on apps with spaces in the filenames. |
| SPT-2548 | iOS | Signing | Resolved an issue with external code signing on iOS with Python 3.9. |
| SPT-2570 | iOS | Microsoft | Fixed a rare hang in an app integrated with Intune. |

Resolved in Cloud Platform 4.34.0

| Item | Component | Accelerator/Service | Description |
|---|---|---|---|
| BCP-6411 | Platform | Microsoft | Added the ability to configure auth-group when using the Blue Cedar Connect Gateway with the Secure Microtunnel policy. |

Resolved in Mobile Client 4.10.13

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2479 | iOS | Blue Cedar | Resolved an issue sharing large files using Data At Rest. |

Resolved in Mobile Client 4.10.12

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2170 | iOS | Blue Cedar | Resolved issue with multiple "No such file or directory" errors. |
| MOB-1573 | Android | Microsoft | Fixed an issue with packageName parsing on Android. |
| SPT-2486 | iOS | Blue Cedar | Modified file handling to better support file writing. |
| SPT-2494 | iOS | Blue Cedar | Resolved an issue with NSURLSession where authentication challenges were not being handled correctly. |
| SPT-2493 | iOS | Blue Cedar | Resolved an issue where pages using mmap and custom signal handlers may not work correctly when using Data at Rest. |
| SPT-2507 | iOS | Blue Cedar | Resolved an issue where some portrait-only apps may display incorrectly if the device is held in landscape mode. |
| SPT-2515 | iOS | Policy Console | Fixed an issue with invalid Icon error when uploading iOS apps to the policy console. |

What's new in Mobile Client 4.10.11

Microsoft Intune SDKs 

The Blue Cedar Accelerator for Microsoft integrates these Microsoft Intune App SDK releases:

  • iOS
    • Microsoft Intune App SDK 13.0.0 for iOS. Requires iOS 12.0 or later.
    • Azure Active Directory Authentication Libraries (ADAL) 2.7.16 for iOS (no change with Mobile Client 4.10.11)
  • Android
    • Microsoft Intune App SDK 7.0.1 for Android. 
    • Azure Active Directory Authentication Libraries (ADAL) 1.16.3 for Android (no change with Mobile Client 4.10.11)

Note:  32-bit targets (i386 and arm_v7) are no longer supported for Intune.


Limitations with this Intune SDK update:

Support for these new Intune APIs is not implemented in this release of the Blue Cedar mobile client:

  • isOpenFromAllowed (MOB-1598): 

    True if the management policy allows applications to open files from the account into the managed app. Applications should check this policy and if false should disable any UI which allows users to open documents from this account and location into the managed app. 

  • showSharingBlockedMessage (MOB-1599):

    Shows an alert displaying an error message to the user, indicating that the requested sharing action was blocked.

  • isExternalUrl (MOB-1631): 

    Enable new behavior surrounding website navigation in WKWebViews. Websites marked as external would open into Edge rather than within the webview if outgoing share policy is restricted. 

Resolved in Mobile Client 4.10.11

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2305 | Android | All | Improved support for cut/copy/paste protection on Android, particularly on Samsung devices. |
| SPT-2399, BBY-37, BBY-50 | iOS | BlackBerry | Added support for loading file URLs for videos. |
| MOB-1439 | iOS | All | All Veracode flaws detected in iOS code were fixed or mitigated (in case they were false positives). See Veracode Scanning Results for current reports. |
| SPT-2424 | iOS | All | Fixed an issue where some React Native apps would display UI incorrectly after rotation on iOS devices with a notched display. |
| BBY-57 | iOS | BlackBerry | Fixed an issue where App Config values configured via UEM were not accessible to iOS apps integrated with the Blue Cedar Accelerator for BlackBerry. |
| SPT-2331 | iOS | All | Added support for WKWebView in storyboards. |
| SPT-2170 | iOS | All | Resolved an issue with authentication challenge handling for iOS apps using platform networking APIs other than WKWebView (such as NSURLSession). |
| SPT-2480 | iOS, Android | All | Fixed an issue with apps hanging when reconnecting to a legacy gateway. |
| SPT-2365 | Android | All | Fixed an issue where a notification lock wasn't always being dismissed properly. |
| MOB-1634 | iOS | Enforce | Fixed an issue where app groups were not always rewritten when integrated without Data at Rest policies enabled. |
| SPT-2484 | Android | Enforce | Fixed an issue with the app groups feature combined with the Local App Authentication policy. |
| BBY-75 | Android | BlackBerry | Fixed an issue with the handling of Android Intent attached extras. |

What's new in Mobile Client 4.10.10

iOS 14 support 

Blue Cedar includes support for the Apple iOS 14 release. Apps that were previously integrated with Blue Cedar and that worked on iOS 13 are expected to work without issues when reintegrated with Blue Cedar. Apps that target new APIs and features for iOS 14 may have issues. See the Open issues/limitations list below.

Android 11 support 

Blue Cedar includes support for the Android 11 release. Apps that were previously integrated with Blue Cedar and that worked on Android 10 are expected to work without issues when reintegrated with Blue Cedar. Apps that target new APIs and features for Android 11 may have issues. See the Open issues/limitations list below.

Microsoft Intune SDKs

The Blue Cedar Accelerator for Microsoft integrates these Microsoft Intune App SDK releases:

  • iOS
    • Microsoft Intune App SDK 13.0.0 for iOS. Requires iOS 12.0 or later.
    • Azure Active Directory Authentication Libraries (ADAL) 2.7.16 for iOS (no change with Mobile Client 4.10.10)
  • Android
    • Microsoft Intune App SDK 7.0.1 for Android.
    • Azure Active Directory Authentication Libraries (ADAL) 1.16.3 for Android (no change with Mobile Client 4.10.10)

Note:  32-bit targets (i386 and arm_v7) are no longer supported for Intune.

Resolved in Mobile Client 4.10.10

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| MOB-1444 | iOS | BlackBerry | BlackBerry Dynamics 8.1 does not support apps built with any version of Xcode before Xcode 11. During integration, the client detects the Xcode version and integrates older apps with Dynamics SDK 7.0. Apps built with Xcode 11+ will integrate with Dynamics SDK 8.1. This is a BlackBerry limitation. |
| SPT-2315 | Android | Enforce | Fixed an issue where trying to email logs from an integrated app would either crash or send a zip file with no entries. |
| BBY-29, BBY-40 | Android, iOS | BlackBerry | Fixed an issue around opening URLs after backgrounding an app. |
| BBY-37, SPT-2399 | iOS | BlackBerry | Added support for loading file URLs. |
| BBY-51, SPT-2397 | Android | BlackBerry | Fixed issues with file sharing intents and content URI handling. |
| BBY-47, SPT-2389 | Android | BlackBerry | Fixed an issue with launching external apps. |
| BBY-31 | Android, iOS | BlackBerry | Addressed issues handling various media formats. |
| BBY-52 | iOS | BlackBerry | Updated NSStreamSocket handling. |
| BBY-39 | Android | BlackBerry cloud | Added a new option to configure the BlackBerry app security policy to rewrite app IDs when launching apps from integrated apps. This feature is only needed in certain circumstances. See BlackBerry Dynamics SDK options for details. |

Open issues/limitations 

Limitations with this Blue Cedar release for iOS 14 include: 

  • Support for new iOS 14 features is not fully implemented in this release, including:
    • New Photos picker: a way to access pictures from the Photos app without requesting direct library access
    • HTTP Live Streaming (HLS) 
    • App Clips: small parts of an app designed for quick task completion

Limitations with this Blue Cedar release for Android 11 include: 

  • No support for Android Emulators running Android 11.

Resolved in Mobile Client 4.10.9

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2358 | Android | Enforce | Fixed a crash that could occur when accessing data encrypted with an unrecognized DAR key after using the "Clear Secure Data" button. |
| SPT-2362 | iOS | All | Resolved an issue where apps implementing BGTaskScheduler may crash on launch. |
| SPT-2338 | iOS | BlackBerry | Added automatic handling of iOS App Group IDs when an app is signed by Blue Cedar scripts with a Provisioning Profile containing exactly one App Group ID. The App Group ID in the Provisioning Profile is used to replace any App Group IDs requested by the app at runtime. This can allow apps with hard-coded App Group IDs to continue to work if they must be re-signed using a different Apple Developer account (such as third-party apps), since App Group IDs are globally unique. |
| SPT-2175 | Android | All | Fixed an issue where apps using illegal Android resource names starting with "$$" failed to integrate. |
| SPT-2372 | Android | BlackBerry | Fixed a crash caused by apps using a sharedUserID. |
| MOB-1323 | Android | All | Fixed an icon overlay issue with apps that do not have round icons. |

What's new in Mobile Client 4.10.8

Python compatibility

Blue Cedar Mobile Client versions 4.10.8 and later are Python 3-based, as Python 2.x is no longer supported. Most of the implications of this upgrade are internal to Blue Cedar products. However, if you sign integrated apps with the Blue Cedar export for signing feature, the server where the signing scripts are executed must have Python 3 installed. 

For more information, see External app signing with Python 3.

Resolved in Mobile Client 4.10.8

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| BBY-29 | iOS | Enforce, BlackBerry | Resolved an issue where apps opened via custom URL schemes may not launch or behave correctly. |
| SPT-2211 | Android | Enforce | Fixed an issue where an app would crash when trying to prompt the user while in the background. |
| SPT-2321 | iOS | Enforce | Apps that utilize WKHTTPCookieStore may not properly store/retrieve cookies. Some apps have been seen to have SSO issues related to this issue. This issue has been solved for Blue Cedar in-app security. Note: This issue is still open for the Blue Cedar Accelerator for BlackBerry. |
| SPT-2354 | Android 10 | Enforce | Fixed a failure on Android 10 devices when DAR is enabled, causing a Fiori white screen to occur. |
| SPT-2361 | Android | BlackBerry | Added support for Kony APK package name renaming. |
| SPT-2364 | iOS | | Fixed an issue where an app could render pages incorrectly after handling a redirect. Updated cookie handling to better support WebKit cookies. |



Resolved in Mobile Client 4.10.7

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| BBY-27 | Android | BlackBerry | Fixed BlackBerry SDK TextView string casting exception. |
| SPT-2286 | Android | Microsoft | Fixed an issue integrating Microsoft accelerator with minified/obfuscated Android Support Libraries existing in an app. |
| SPT-2293 | Android | All | The User Interaction lock notification now only appears on user devices if there are credentials requested. The app must be backgrounded or not running when the system started an app service or broadcast receiver. Previously the lock would always appear if Secure Connectivity or Local App Authentication was configured. |
| SPT-2286 | Android | Microsoft | Fixed an issue with trailing newlines in HTTP header values. |
| SPT-2307 | Android | All | Improved handling of Android broadcast receiver notifications for apps that are not currently running. The integration setup time prior to app control will no longer be a factor in the timely handling of system notifications. |
| SPT-2345 | Android | All | Addressed an issue in the formatting of the generated signing script. |
| SPT-2351 | Android | Blue Cedar | Fixed an issue where the Blue Cedar client would periodically re-take control briefly in an Enforce integrated app with no local auth policy. |
| SPT-2352 | Android | All | Fixed an issue where some web requests would take a long time to complete on dual IPv4/IPv6 networks. |
| SPT-2354 | Android | All | Fixed an issue when accessing local authentication data in certain circumstances. |
| SPT-2359 | Android, iOS | All | Resolved an issue where non-standard authentication headers might not be provided correctly to an app. |
| SPT-2366 | iOS | BlackBerry | Fixed an issue where some BlackBerry-integrated iOS apps were crashing when going into the background. |
| MOB-1029 | iOS | Enforce | Enforce is now correctly prompting for auth in XamarinForms with WKWebView. |
| MOB-1077 | iOS | BlackBerry | DOMAIN\user style passwords for NTLM authentication are now handled correctly for the BlackBerry Accelerator. |
| MOB-1122 | Android | All | Identified potential security risks in certificate trust handling and corrected them. |
| MOB-1128 | Android | All | Resolved an issue where retrieving a cached ADAL token caused the app to hang intermittently. |


Resolved in Mobile Client 4.10.6

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2308, SPT-2338 | iOS | All | Resolved an issue with app initialization where apps relying on launch storyboards were crashing upon access. |
| SPT-2341 | Android, iOS | All | Fixed an IKEv2 deadlock that was causing app crashes, most frequently when foregrounding an iOS app. |
| SPT-2195 | iOS | All | Removed UIWebView references and push notifications that were triggering warnings for App Store Connect submissions. |
| SPT-2315 | Android | All | Fixed an issue where emailing logs from integrated app caused app to crash. |
| SPT-2292 | Android, iOS | All | Corrected a color contrast issue for accessibility. |
| SPT-2002, SPT-2005, SPT-2007 | iOS | All | Added better support for voiceover and visibility impaired accessibility features. |



Resolved in Mobile Client 4.10.5

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2318, SPT-2320 | Android, iOS | All | Implemented several improvements for IPv6 connectivity around available DNS servers. |



Resolved in Mobile Client 4.10.4

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2149 | Android | BlackBerry | Fixed an issue with BlackBerry integration when full paths to SQLite databases were provided. |
| SPT-2292 | Android | All | Fixed an issue with accessibility customization. |
| SPT-2334 | Android | | Fixed an issue where an accessibility reader was reading element names instead of contents. |
| SPT-2318, SPT-2320 | Android, iOS | Gateway | Fixed an issue with IPv6 connectivity. |
| SPT-2305 | Android | All | Fixed an issue caused by cut/copy/paste interception on certain Samsung devices. |
| SPT-2307 | Android | All | Improved handling of Android broadcast receivers. During launch, the integrated app was sometimes interfering with the timing of broadcast handling. The client now handles the message earlier in the setup process. |

Resolved in Mobile Client 4.10.3

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| MOB-1004 | Android | All | Improved handling of broadcasts received by background services in certain circumstances. |
| SPT-2209 | Android | All | Web SQL Databases will not be intercepted/encrypted for Android apps that use WebView. |
| SPT-2224 | Android | All | Removed unneeded manifest permission which was causing integrated apps to hang during login. |
| SPT-2307 | Android | All | Improved handling of background services that require network access. |
| SPT-2312 | Android | All | Fixed an issue where the mobile client added an empty element with an ID of "legal" which caused the word "legal" to be read by an accessibility reader. An empty element is now handled appropriately. |


Resolved in Mobile Client 4.10.2

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2306 | Android, iOS | BlackBerry | Fixed a cookie-handling issue where single sign-on was not working with apps using WebView and integrated with the Blue Cedar Accelerator for BlackBerry. |
| SPT-2305 | Android 9 | All | Fixed an exception caused by cut/copy/paste interception on certain Samsung devices. |
| SPT-2302 | Android, iOS | All | Fixed an issue where starting the app for the first time with no internet connectivity on the device allowed access to the app without enrollment. |
| SPT-2294 | Android | All | Fixed an issue where a connected app would lose connectivity and be unable to reconnect in certain circumstances when connectivity became available. |


Resolved in Mobile Client 4.10.1

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2266 | iOS | All | Fixed an issue where IPv6 system DNS servers were not being read on an iOS device. |

Resolved in Mobile Client 4.10.0

| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2254 | Android | All | Fixed an issue with interception of JobService. |
| MOB-892 | Android | Enforce | Corrected vulnerabilities identified via security scanning tools. |
| MOB-886 | Android | All | Corrected vulnerabilities identified via security scanning tools. |
| SPT-2272 | Android | All | Fixed an issue when app wouldn't reconnect following background/foreground and Wi-Fi off/on transitions. |


Open issues/limitations

  • AndroidX support: Blue Cedar is actively working on full support for apps using the AndroidX library.
  • Browser support:  Supported browsers for using the Blue Cedar Platform UI are Chrome and Firefox. Safari, Edge, and Internet Explorer are not currently supported.
  • SmartOffice on Samsung devices: The SmartOffice app (integrated with any Blue Cedar accelerator) displays a black screen on specific Samsung devices running Android 9. Other devices/versions may be affected. (MOB-72)

Limitations with integrating Microsoft Intune: 

  • Intune Data Sharing: Intune policies to prohibit receiving data from unmanaged apps are not applied correctly. (iOS, MOB-185)
  • Save copies of org data: The Intune Data Protection setting "Save copies of Org data" is not enforced for apps that use Blue Cedar to integrate the Intune SDK. (MOB-168)

Documentation and technical support

This release includes online documentation. To access this documentation, see https://apollo.bluecedar.com/knowledge-base/.